US9866560B2 - Secure data access - Google Patents

Secure data access Download PDF

Info

Publication number
US9866560B2
US9866560B2 US14/007,560 US201214007560A US9866560B2 US 9866560 B2 US9866560 B2 US 9866560B2 US 201214007560 A US201214007560 A US 201214007560A US 9866560 B2 US9866560 B2 US 9866560B2
Authority
US
United States
Prior art keywords
data
pointer
location
address
document
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
US14/007,560
Other languages
English (en)
Other versions
US20140223574A1 (en
Inventor
Mordehai MARGALIT
Vered Zilberberg
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
MORDEHAI MARGALIT HOLDINGS Ltd
Empire Technology Development LLC
Original Assignee
Empire Technology Development LLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Empire Technology Development LLC filed Critical Empire Technology Development LLC
Assigned to MORDEHAI MARGALIT HOLDINGS LTD. reassignment MORDEHAI MARGALIT HOLDINGS LTD. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: MARGALIT, MORDEHAI, ZILBERBERG, Vered
Assigned to EMPIRE TECHNOLOGY DEVELOPMENT LLC reassignment EMPIRE TECHNOLOGY DEVELOPMENT LLC ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: MORDEHAI MARGALIT HOLDINGS LTD.
Assigned to MORDEHAI MARGALIT HOLDINGS LTD. reassignment MORDEHAI MARGALIT HOLDINGS LTD. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: MARGALIT, MORDEHAI, ZILBERBERG, Vered
Assigned to EMPIRE TECHNOLOGY DEVELOPMENT LLC reassignment EMPIRE TECHNOLOGY DEVELOPMENT LLC ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: MORDEHAI MARGALIT HOLDINGS LTD.
Publication of US20140223574A1 publication Critical patent/US20140223574A1/en
Application granted granted Critical
Publication of US9866560B2 publication Critical patent/US9866560B2/en
Assigned to CRESTLINE DIRECT FINANCE, L.P. reassignment CRESTLINE DIRECT FINANCE, L.P. SECURITY INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: EMPIRE TECHNOLOGY DEVELOPMENT LLC
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102Entity profiles
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]

Definitions

  • a computer-readable medium may be configured to store one or more executable instructions that, when executed, cause one or more processors to receive registration information for a secure data service; receive a request for data; transmit a pointer, having at least one restrictive property for the data; and disable the pointer.
  • a method in another embodiment, includes receiving registration information; receiving a request to securely store a document; storing the document at a first storage location; transmitting, to an address included in the registration information, a secure link corresponding to the first storage location; and disabling the secure link in accordance with at least one predetermined condition.
  • a method includes receiving an exclusive subscriber address, receiving a request to store a document, storing the document with a remote storage service, receiving location information from the remote storage service, transmitting the location information at which the document is stored to the exclusive subscriber address, and invalidating the location information upon fulfillment of a predetermined condition.
  • FIG. 1 shows an example system configuration in which secure data access may be implemented, arranged in accordance with at least some embodiments described herein;
  • FIG. 2 shows an example configuration of an application for implementing secure data access, arranged in accordance with at least some embodiments described herein;
  • FIG. 3 shows an example processing flow for implementing secure data access, arranged in accordance with at least some embodiments described herein;
  • FIG. 4 shows a block diagram illustrating an example computing device by which various example solutions described herein may be implemented, arranged in accordance with at least some embodiments described herein.
  • FIG. 1 shows an example system configuration 100 in which secure data access may be implemented, arranged in accordance with at least some embodiments described herein.
  • configuration 100 includes a client device 104 ; a data storage/retrieval service 105 at which any of servers 106 A, 106 B, . . . , 106 N may securely store data 107 ; a remote storage/retrieval service 112 ; and another client device 114 .
  • a user 102 may be regarded as a person or entity that exercises ownership and/or control over client device 104 ; and another such user may exercise similar ownership and/or control over the other client device 114 .
  • user 102 may be a person who desires to securely store and retrieve one or more digital files utilizing services offered by service provider 105 .
  • references to a “cloud” may refer to wide area networks (WAN), e.g., the Internet, or a local area network (LAN) within an organization.
  • WAN wide area networks
  • LAN local area network
  • non-limiting examples of a “digital file” may refer to any document, e.g., passport, driver's license, contract, will, purchase agreement, medical record, laboratory notebook, etc.
  • Digital files, as described herein, may be alternatively referred to as “data,” e.g., within the context of “data storage” and/or “data retrieval.”
  • Client device 104 may be implemented as a mobile (or portable) electronic device such as a mobile phone, cell phone, smartphone, personal data assistant (PDA), a personal media player device, an application specific device, or a hybrid device that includes any of the above functions.
  • Client device 104 may also be implemented as a personal computer including tablet, laptop computer, and non-laptop computer configurations, which may be connected to a wireless, wired, or mobile communications network.
  • a wireless service provider for implementing communications for client device 104 may alternatively be referred to as a mobile network carrier, wireless carrier, or even cellular company. Regardless of the alternate reference, the wireless service provider may provide network communication services for mobile communications subscribers. Non-limiting examples of such network communication services may include telephone communication services and internet connectivity services.
  • Client device 104 may be configured to communicate with service provider 105 and/or another client device 114 , utilizing a communication infrastructure provided by the wireless service provider.
  • Service provider 105 may refer to a cloud-based, secure data storage and/or retrieval platform.
  • Service provider 105 may be a proprietary service within, e.g., a corporate entity. That is, the infrastructure that includes cloud-based service provider 105 may be operated for a single organization, and may be managed internally by the single organization and hosted internally or externally. Alternatively, service provider 105 may be owned and/or operated by a third-party service provider. Non-limiting examples of such organizations that operate, manage, and/or host such an infrastructure may include, but not be limited to, Amazon®, Microsoft®, Google®, Apple®, IBM®, etc.
  • service provider 105 may include a platform framework of hardware, software, firmware, or any combination thereof, on which an application, or some computer program product, may be hosted and/or executed for one or more digital files that are received from client device 104 . More particularly, service provider 105 may be implemented as a cloud-based file storage and retrieval service to which at least user 102 of client device 104 may register prior to use. Further, service provider 105 may partner with remote storage/retrieval service 112 to store one or more digital files for user 102 who has subscribed to storage/retrieval services offered by service provider 105 .
  • Service provider 105 may include an infrastructure having multiple servers, 106 A, 106 B, . . . , 106 N that include, e.g., computer hardware and computer software, configured to store data 107 , and that are configured to provide additional secure cloud-based storage and retrieval services. Unless a distinction is necessary for the purposes of the present description, servers 106 A, 106 B, . . . , 106 N may be referred to, collectively, hereafter as “servers 106 .”
  • the infrastructure for a cloud-based storage and retrieval service provider for implementing secure data access is in no way limited to the embodiments depicted as part of configuration 100 .
  • Quantities of, e.g., servers 106 hosted thereon or otherwise associated therewith, as well as a locality for data 107 or virtualizations thereof, may vary from one embodiment to another, without departing from the spirit or scope of secure data access, as described herein.
  • Remote storage/retrieval service 112 may also refer to a cloud-based, secure data storage and/or retrieval platform owned and/or operated by a third-party service provider, which may be separate or independent of service provider 105 .
  • remote storage/retrieval service 112 may include a separate service provider with which service provider 105 partners to store digital files for one or more subscribers to service provider 105 .
  • a communication link 108 may refer to a communication link that is enabled by a protocol utilized to transmit, at least, subscription information and digital files between client device 104 and service provider 105 .
  • a communication link 110 may refer to a communication link that is enabled by a protocol utilized to transmit, at least, digital files between service provider 105 and remote storage/retrieval service 112 .
  • a communication link 116 may refer to a communication link that is enabled by a protocol utilized to transmit, at least, location information for at least one digital file between client device 104 and client device 114 .
  • the aforementioned protocols referring to communication links 108 , 110 , and 116 may include any mobile communications technology, e.g., GSM (Global System for Mobile Communications), CDMA (Code Division Multiple Access), etc., depending upon the technologies supported by particular wireless service providers to whose services client device 104 , service provider 105 , remote storage/retrieval service 112 , and client device 114 may respectively be assigned or subscribed.
  • GSM Global System for Mobile Communications
  • CDMA Code Division Multiple Access
  • one or more of the aforementioned communication links 108 , 110 , and 116 may be implemented utilizing non-cellular technologies such as Wi-FiTM, wireless local area network (WLAN or IEEE (Institute of Electrical and Electronics Engineers) 802.11), WiMAXTM (Worldwide Interoperability for Microwave Access), BluetoothTM, hard-wired connections, e.g., cable, phone lines, and other analog and digital wireless voice and data transmission technologies.
  • Wi-FiTM wireless local area network
  • WiMAXTM Worldwide Interoperability for Microwave Access
  • BluetoothTM Worldwide Interoperability for Microwave Access
  • hard-wired connections e.g., cable, phone lines, and other analog and digital wireless voice and data transmission technologies.
  • FIG. 1 shows an example implementation of a system configuration 100 for implementing secure data access.
  • FIG. 2 shows an example configuration of an application 200 for implementing secure data access, arranged in accordance with at least some embodiments described herein.
  • Application 200 may refer to a program implemented by hardware, software, firmware, or any combination thereof.
  • application 200 may be hosted on one or more of servers 106 associated with service provider 105 .
  • application 200 may include various components or modules, e.g., implemented by one or more computer-readable media including but not limited to Application Specific Integrated Circuit (ASIC) or Customer Specific Integrated Circuit (CSIC).
  • ASIC Application Specific Integrated Circuit
  • CSIC Customer Specific Integrated Circuit
  • the various components or modules corresponding to application 200 may include, but are not limited to, a subscriber interface 202 , a data file storage manager 204 , and a third-party interface 206 .
  • application 200 is not limited to such components or modules, as obvious modifications may be made by adding further components or modules or even eliminating at least one of the components or modules described here or even by having various components or modules assuming roles accorded to other components or
  • Subscriber interface 202 may refer to a component or module that may be designed, programmed, and/or configured to interface with, at least, client device 104 and/or any device corresponding to an address provided by user 102 , e.g., during a subscription process with service provider 105 .
  • subscriber interface 202 may enable client device 104 , under the ownership and/or control of user 102 , to subscribe to the secure cloud-based storage and retrieval services offered by service provider 105 .
  • Service provider 105 may offer, and user 102 of client device 104 may subscribe to, secure cloud-based storage and retrieval services by which a locator for a stored digital file may be transmitted exclusively to the address specified by user 102 as part of the registration or subscription process with service provider 105 .
  • an address may include one of a telephone number, an email address, an IP address, or a media access control (MAC) address.
  • the locator may be transmitted to a device corresponding to the given address in the form of an SMS text message, an instant message, a voice mail, an email, or any other suitable communication using the given address.
  • the locator itself which may alternatively be referred to as a pointer, may be provided in the form of a proprietary code or a Uniform Resource Locator (URL).
  • URL Uniform Resource Locator
  • the locator may be considered to have one or more restrictive properties which, themselves, may vary from one embodiment to another. Examples of such restrictive properties include, but are not limited to, one-time use, one-time use by a device at a corresponding address, one-time use after transfer, one-time use upon entry of a password, one-time use upon biometric authorization, etc.
  • restrictive properties include, but are not limited to, one-time use, one-time use by a device at a corresponding address, one-time use after transfer, one-time use upon entry of a password, one-time use upon biometric authorization, etc.
  • Subscriber interface 202 may enable a locator or pointer to a storage location of data 107 , which may be stored by service provider 105 , to be transmitted to an address for the other client device 114 .
  • the address for the other client device 114 may be submitted to service provider 105 by client device 104 , under ownership and/or control of user 102 , during the registration or subscription process with service provider 105 .
  • the exclusive or restricted locator or pointer to the storage location of data 107 may be transmitted to the other client device 114 via client device 104 ; alternatively the locator or pointer may be transmitted directly to the other client device 114 from service provider 105 upon authorization by client device 104 , under ownership and/or control of user 102 , by, e.g., submission of a verified password. Accordingly, the locator or pointer may be transmitted to the other client device, from client device 104 or from service provider 105 , by SMS text message, an instant message, a voice mail, an email, or any other suitable communication using the address for the other client device 114 .
  • the exclusive or restricted locator or pointer to the storage location of data 107 may be transmitted to the other client device 114 via client device 104 ; alternatively, when client device 104 passes the authorization to service provider 105 , the locator or pointer may be transmitted directly to the other client device 114 from service provider 105 .
  • QR Quick Response
  • Data file storage manager 204 may refer to a component or module that may be designed, programmed, and/or configured to manage storage of one or more digital files for user 102 .
  • data file storage manager 204 may direct data 107 to be stored on any of servers 106 hosted by service provider 105 .
  • data file storage manager 204 may direct data 107 to be stored on any server hosted by remote storage/retrieval service 112 . Regardless of the location of stored data 107 , the location may be recorded and managed by data file storage manager 204 .
  • Data file storage manager 204 may be further designed, programmed, and/or configured to provide the location of stored data 107 to subscriber interface 202 for transmission to the address specified by user 102 , e.g., as part of the registration of subscription process with service provider 105 .
  • the location of stored data 107 may be provided in the form of proprietary code or a URL, referred to above as the exclusive or restricted locator or pointer to the storage location of data 107 .
  • Data file storage manager 204 may be further designed, programmed, and/or configured to disable the locator or pointer to the storage location of data 107 upon fulfillment of at least one predetermined condition. For example, if subscriber interface 202 detects an attempt to access data 107 using a locator or pointer from a device that does not correspond to the address provided during the registration or subscription process, data file storage manager 204 may disable the link or invalidate the locator or pointer. Further, after the location of stored data 107 has been provided to subscriber interface 202 , data file storage manager 204 may disable the link or invalidate the locator or pointer after a first successful access to data 107 or after a predetermined amount of time, e.g., hours, days, or weeks, has elapsed.
  • a predetermined amount of time e.g., hours, days, or weeks
  • Data file storage manager 204 may be further designed, programmed, and/or configured to erase data 107 , or to instruct the deletion of data 107 , from a storage location upon disabling the link or invalidating the locator or pointer. Accordingly, data file storage manager 204 may be even further designed, programmed, and/or configured to direct data 107 to be stored at a new storage location on any of servers 106 hosted by service provider 105 or at a new storage location on any server hosted by remote storage/retrieval service 112 . Data file storage manager 204 may, thusly, be designed, programmed, and/or configured to provide the new storage location of stored data 107 to subscriber interface 202 for transmission to the address specified by user 102 .
  • Remote data center interface 206 may refer to a component or module that may be designed, programmed, and/or configured to interface with, at least, remote storage/retrieval service 112 .
  • remote data center interface 206 may manage communications with remote storage/retrieval service 112 by, at least, relaying data 107 and an instruction to store data 107 .
  • At least one other embodiment may include subscriber interface 202 transmitting an instruction to client device 104 to transmit data 107 directly to remote storage/retrieval service 112 , and remote data center interface 206 transmitting an instruction to remote storage/retrieval service 112 for data 107 to be stored there.
  • remote data center interface 206 may be designed, programmed, and/or configured to manage communications between application 200 and remote storage/retrieval service 112 , including receiving a location at which data 107 on any corresponding servers.
  • FIG. 2 shows an example configuration of an application 200 for implementing secure data access, as implemented on one or more servers of a secure cloud-based storage and retrieval service.
  • FIG. 3 shows an example processing flow 300 for implementing secure data access, arranged in accordance with at least some embodiments described herein.
  • Processing flow 300 may include various operations, functions, or actions as illustrated by one or more of blocks 302 , 304 , 306 , 308 , and/or 310 . More particularly, processing flow 300 shows sub-processes that may be executed by various components of application 200 hosted on or otherwise associated with cloud-based service provider 105 . Although illustrated as discrete blocks, various blocks may be divided into additional blocks, combined into fewer blocks, or eliminated, depending on the desired implementation. Processing may begin at block 302 .
  • Block 302 may refer to subscriber interface 202 interfacing with, at least, client device 104 , so that user 102 , exercising ownership and/or control of client device, may subscribe to the secure cloud-based storage and retrieval services offered by the service provider 105 .
  • subscriber interface 202 may receive an address specified by user 102 , via client device 104 , that identifies an exclusive address to which a locator, or pointer, for a location of stored data 107 is transmitted.
  • subscriber interface 202 may receive, and therefore associate user 102 with, an address in the form of a telephone number, an email address, an IP address, an IP address, or a MAC address.
  • the locator, or pointer may be provided in the form of a proprietary code or a URL, and further may be transmitted from application 200 for access by user 102 in the form of, e.g., an SMS text message, an instant message, a voice mail, or an email.
  • Processing flow 300 may proceed from block 302 to block 304 .
  • Block 304 may refer to data file storage manager 204 directing data 107 , received from client device 104 under the ownership and/or control of user 102 , to be stored in any of servers 106 hosted by service provider 105 .
  • data file storage manager 204 may direct data 107 to be stored on any server hosted by remote storage/retrieval service 112 . Regardless of the location of stored data 107 , the location may be recorded and managed by data file storage manager 204 .
  • Block 304 may further refer to data file storage manager 204 recording a storage location of data 107 at one of servers 106 or at one of the servers hosted by remote storage/retrieval service 112 , as received by remote data center interface 206 .
  • Processing flow 300 may proceed from block 304 to block 306 .
  • Block 306 may refer to subscriber interface 202 transmitting the location of stored data 107 , whether stored on one of servers 106 or on any server hosted by remote storage/retrieval service 112 , to the address specified by user 102 , via client device 104 , as part of the registration of subscription process with service provider 105 .
  • the transmission of the location of stored data 107 , or pointer thereto, may be an exclusive transmission. That is, the device corresponding to the address provided by user 102 , e.g., during the registration process, may be the device to which the location may be exclusively transmitted, thus facilitating secure retrieval of stored data 107 .
  • the location of stored data 107 may be provided in the form of proprietary code or a URL in the form of, e.g., an SMS text message, an instant message, a voice mail, or an email. Processing flow 300 may proceed from block 306 to block 308 .
  • Block 308 may refer to data file storage manager 204 detecting that a predetermined threshold condition has been met before the location of stored data 107 is changed.
  • the threshold condition may include a passage of a predetermined amount of time since the transmission of the location of stored data 107 by subscriber interface 202 to the address specified by user 102 .
  • the predetermined amount of time may be set and measured in terms of seconds, minutes, days, weeks, or even months; and, further, the predetermined amount of time may be dynamically set and/or revised by data file storage manager 204 , user 102 via client device 104 , or a combination thereof as part of the aforementioned subscription process.
  • the threshold condition may include a first access of stored data 107 at the location specified in the transmission from subscriber interface 202 to the address specified by user 102 .
  • Detection of the access may be implemented by either subscriber interface 202 or data file storage manager 204 , singularly or in combination; alternatively, such detection may be communicated by a server hosted by remote storage/retrieval service 112 to remote data center interface 206 .
  • Processing flow 300 may proceed from block 308 to block 310 .
  • the threshold condition may include subscriber interface 202 detecting an attempt to access data 107 using a locator or pointer from a device that does not correspond to the address provided during the registration or subscription process.
  • Block 310 may refer to data file storage manager 204 changing the location at which data 107 is stored.
  • digital file manager 204 may then utilize fulfillment of the threshold condition at block 308 as a catalyst to disable the link or URL and change the storage location of data 107 , either on one of servers 106 or a server hosted by remote storage/retrieval service 112 , for which a new link or URL may be generated.
  • changing the storage location of data 107 may include erasing or deleting data 107 from a most recent storage location, whether on one of servers 106 or one of the servers hosted by remote storage/retrieval service 112 .
  • the location of stored data 107 may be transmitted to client device 104 in the form of an SMS text message that includes a link to data 107 stored on one of servers 106 .
  • digital file manager 204 may disable or invalidate the link or URL to the storage location of data 107 , erase data 107 from the most recent storage location, and further direct data 107 to be stored at another location on one of servers 106 .
  • digital file manager 204 may deactivate the link, erase data 107 from the most recent storage location, and then generate a new link to the location of stored data 107 while maintaining the storage location of data 107 on one of servers 106 . Processing flow 300 may then return from block 310 to block 306 .
  • client device 104 may transmit the received location of stored data 107 to another client device 114 . That is, the message, e.g., link, which includes the location of stored data 107 , may be transmitted to another client device 114 , at which the link may be activated to access stored data 107 , e.g., upon authorization by a password from client device 104 .
  • the message e.g., link
  • the link may be activated to access stored data 107 , e.g., upon authorization by a password from client device 104 .
  • digital file manager 204 may disable the link, delete data 107 from the most recent storage location, and then change the storage location and/or link to stored data 107 . Processing flow 300 may then return from block 310 to block 306 .
  • digital file manager 204 may disable the link, delete data 107 from the most recent storage location, and then change the storage location and/or link to stored data 107 . Processing flow 300 may then return from block 310 to block 306 .
  • Another example embodiment may include a scenario in which access to the location of stored data 107 is limited to client device 104 corresponding to the address specified by user 102 during the subscription process with service provider 105 .
  • stored data 107 is an identification document, e.g., driver's license, passport, etc.
  • verification thereof may not be permissible based on a display of data 107 on client device 104 .
  • authorization of a passport at customs may require verification on an authenticated client device.
  • access to the location of stored data 107 may be provided directly to another, i.e., authenticated, client device 114 directly from subscriber interface 202 or from client device 104 after the client device 114 has been authenticated by client device 104 .
  • Such authentication may be implemented by client device 104 scanning a QR code, bar code, or other accessible code, which may then be transmitted from client device 104 to subscriber interface 202 for authentication.
  • verification of data 107 may be executed on a device other than client device 104 .
  • Processing flow 300 may then return from block 310 to block 306 .
  • Block 306 Transmit Storage Location
  • subscriber interface 202 transmitting the updated location of stored data 107 or updated link to the address specified by user 102 .
  • FIG. 3 therefore, shows an example processing flow for implementing secure data access on one or more servers of a secure cloud-based storage and retrieval service.
  • FIG. 4 shows a block diagram illustrating an example computing device 400 by which various example solutions described herein may be implemented, arranged in accordance with at least some embodiments described herein.
  • FIG. 4 shows an illustrative computing embodiment, in which any of the processes and sub-processes described herein may be implemented as computer-readable instructions stored on a computer-readable medium.
  • the computer-readable instructions may, for example, be executed by a processor of a mobile unit, a network element, and/or any other computing device, particularly as applicable to the applications and/or programs described above corresponding to the configuration 100 for masking phone numbers.
  • a computing device 400 may typically include one or more processors 404 and a system memory 406 .
  • a memory bus 408 may be used for communicating between processor 404 and system memory 406 .
  • processor 404 may be of any type including but not limited to a microprocessor ( ⁇ P), a microcontroller ( ⁇ C), a digital signal processor (DSP), or any combination thereof.
  • Processor 404 may include one or more levels of caching, such as a level one cache 410 and a level two cache 412 , a processor core 414 , and registers 416 .
  • the processor core 414 may include an arithmetic logic unit (ALU), a floating point unit (FPU), a digital signal processing core (DSP Core), or any combination thereof.
  • a memory controller 418 may also be used with the processor 404 ; or in some implementations, memory controller 418 may be internal to processor 404 .
  • system memory 406 may be of any type including but not limited to volatile memory (such as RAM), non-volatile memory (such as ROM, flash memory, etc.) or any combination thereof.
  • System memory 406 may include an operating system 420 , one or more applications 422 , and program data 424 .
  • Application 422 may include the aforementioned application 200 , e.g., client application 426 , that may be arranged to perform the functions for masking phone numbers, which are described previously with respect to FIGS. 1-3 .
  • Program data 424 may include a table 450 , which may be useful for implementing actuation of appropriate components or modules as described herein.
  • table 450 may include catalog information regarding data stored in a local cloud-based service and data center, information regarding other cloud-based service and data centers associated with a particular cloud-based storage service, etc.
  • System memory 406 is an example of computer storage media.
  • Computer storage media may include, but not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which may be used to store the desired information and which may be accessed by computing device 400 . Any such computer storage media may be part of computing device 400 .
  • the network communication link may be one example of a communication media.
  • Communication media may typically be embodied by computer readable instructions, data structures, program modules, or other data in a modulated data signal, such as a carrier wave or other transport mechanism, and may include any information delivery media.
  • a “modulated data signal” may be a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal.
  • communication media may include wired media such as a wired network or direct-wired connection, and wireless media such as acoustic, radio frequency (RF), microwave, infrared (IR) and other wireless media.
  • RF radio frequency
  • IR infrared
  • the term computer readable media as used herein may include both storage media and communication media.
  • Computing device 400 may be implemented as a portion of a small-form factor portable (or mobile) electronic device such as mobile client 104 or, alternatively, a personal data assistant (PDA), a personal media player device, a wireless web-watch device, a personal headset device, an application specific device, or a hybrid device that include any of the above functions.
  • PDA personal data assistant
  • Computing device 400 may also be implemented as a personal computer including both laptop computer and non-laptop computer configurations.
  • the implementer may opt for a mainly hardware and/or firmware vehicle; if flexibility is paramount, the implementer may opt for a mainly software implementation; or, yet again alternatively, the implementer may opt for some combination of hardware, software, and/or firmware.
  • a signal bearing medium examples include, but are not limited to, the following: a recordable type medium such as a floppy disk, a hard disk drive, a CD, a DVD, a digital tape, a computer memory, etc.; and a transmission type medium such as a digital and/or an analog communication medium (e.g., a fiber optic cable, a waveguide, a wired communications link, a wireless communication link, etc.).
  • a typical data processing system generally includes one or more of a system unit housing, a video display device, a memory such as volatile and non-volatile memory, processors such as microprocessors and digital signal processors, computational entities such as operating systems, drivers, graphical user interfaces, and applications programs, one or more interaction devices, such as a touch pad or screen, and/or control systems including feedback loops and control motors, e.g., feedback for sensing position and/or velocity; control motors for moving and/or adjusting components and/or quantities.
  • a typical data processing system may be implemented utilizing any suitable commercially available components, such as those typically found in data computing/communication and/or network computing/communication systems.
  • any two components so associated can also be viewed as being “operably connected”, or “operably coupled”, to each other to achieve the desired functionality, and any two components capable of being so associated can also be viewed as being “operably couplable”, to each other to achieve the desired functionality.
  • operably couplable include but are not limited to physically mateable and/or physically interacting components and/or wirelessly interactable and/or wirelessly interacting components and/or logically interacting and/or logically interactable components.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
US14/007,560 2012-12-20 2012-12-20 Secure data access Expired - Fee Related US9866560B2 (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/US2012/070835 WO2014098856A2 (fr) 2012-12-20 2012-12-20 Accès aux données sécurisé

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2012/070835 A-371-Of-International WO2014098856A2 (fr) 2012-12-20 2012-12-20 Accès aux données sécurisé

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US15/864,068 Continuation US20180131698A1 (en) 2012-12-20 2018-01-08 Secure data access

Publications (2)

Publication Number Publication Date
US20140223574A1 US20140223574A1 (en) 2014-08-07
US9866560B2 true US9866560B2 (en) 2018-01-09

Family

ID=50979356

Family Applications (2)

Application Number Title Priority Date Filing Date
US14/007,560 Expired - Fee Related US9866560B2 (en) 2012-12-20 2012-12-20 Secure data access
US15/864,068 Abandoned US20180131698A1 (en) 2012-12-20 2018-01-08 Secure data access

Family Applications After (1)

Application Number Title Priority Date Filing Date
US15/864,068 Abandoned US20180131698A1 (en) 2012-12-20 2018-01-08 Secure data access

Country Status (2)

Country Link
US (2) US9866560B2 (fr)
WO (1) WO2014098856A2 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180131698A1 (en) * 2012-12-20 2018-05-10 Empire Technology Development Llc Secure data access
US10832108B2 (en) 2017-02-26 2020-11-10 StickEcodes Incorporated Information linking system and method of operation thereof

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10250579B2 (en) * 2013-08-13 2019-04-02 Alcatel Lucent Secure file transfers within network-based storage
US9383947B2 (en) * 2014-04-02 2016-07-05 Adobe Systems Incorporated Printing digital images using an image printing system
US9635027B1 (en) * 2016-09-02 2017-04-25 Blink.Cloud LLC Data transmission using dynamically rendered message content prestidigitation
US10878053B2 (en) 2018-09-26 2020-12-29 Ebay Inc. Detecting selection of disabled inner links within nested content

Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080208867A1 (en) 2007-02-26 2008-08-28 Pado Metaware Ab Method and system for invitational recruitment to a web site
US20090228716A1 (en) * 2008-02-08 2009-09-10 Pado Metawsre Ab Method and system for distributed coordination of access to digital files
US7644434B2 (en) * 2002-04-25 2010-01-05 Applied Identity, Inc. Computer security system
US7925759B2 (en) * 2003-01-14 2011-04-12 Netapp Method and apparatus for transmission and storage of digital medical data
US20110264906A1 (en) 2010-04-27 2011-10-27 Telefonaktiebolaget L M Ericsson (Publ) Method and nodes for providing secure access to cloud computing for mobile users
US20120167094A1 (en) 2007-06-22 2012-06-28 Suit John M Performing predictive modeling of virtual machine relationships
US20120167180A1 (en) * 2010-12-22 2012-06-28 Hon Hai Precision Industry Co., Ltd. Cloud server and access management method
US20120291133A1 (en) * 2011-05-11 2012-11-15 International Business Machines Corporation Security compliant data storage management
WO2012167094A1 (fr) 2011-06-01 2012-12-06 Security First Corp. Systèmes et procédés pour un stockage distribué sécurisé
US20130074158A1 (en) * 2011-09-20 2013-03-21 Nokia Corporation Method and apparatus for domain-based data security
US20140096199A1 (en) * 2012-09-28 2014-04-03 Manish Dave Device and methods for management and access of distributed data sources
US8788427B2 (en) * 2012-05-18 2014-07-22 Active Network, Llc Limiting data exposure in authenticated multi-system transactions

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6934838B1 (en) * 1998-06-01 2005-08-23 Entrust Technologies Ltd. Method and apparatus for a service provider to provide secure services to a user
CA2521770A1 (fr) * 2005-09-30 2007-03-30 Oz Communications Securisation d'identificateur d'utilisateur a l'aide de liaisons et de methodes de transport wv
US20070288247A1 (en) * 2006-06-11 2007-12-13 Michael Mackay Digital life server
US8296834B2 (en) * 2007-08-02 2012-10-23 Deluxe Corporation Secure single-sign-on portal system
US9858631B2 (en) * 2012-10-25 2018-01-02 Intelligent ID Solutions, LLC Personal medical information storage device and system
US9866560B2 (en) * 2012-12-20 2018-01-09 Empire Technology Development Llc Secure data access

Patent Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7644434B2 (en) * 2002-04-25 2010-01-05 Applied Identity, Inc. Computer security system
US7925759B2 (en) * 2003-01-14 2011-04-12 Netapp Method and apparatus for transmission and storage of digital medical data
US20080208867A1 (en) 2007-02-26 2008-08-28 Pado Metaware Ab Method and system for invitational recruitment to a web site
US20120167094A1 (en) 2007-06-22 2012-06-28 Suit John M Performing predictive modeling of virtual machine relationships
US20090228716A1 (en) * 2008-02-08 2009-09-10 Pado Metawsre Ab Method and system for distributed coordination of access to digital files
US20110264906A1 (en) 2010-04-27 2011-10-27 Telefonaktiebolaget L M Ericsson (Publ) Method and nodes for providing secure access to cloud computing for mobile users
US20120167180A1 (en) * 2010-12-22 2012-06-28 Hon Hai Precision Industry Co., Ltd. Cloud server and access management method
US20120291133A1 (en) * 2011-05-11 2012-11-15 International Business Machines Corporation Security compliant data storage management
WO2012167094A1 (fr) 2011-06-01 2012-12-06 Security First Corp. Systèmes et procédés pour un stockage distribué sécurisé
US20130074158A1 (en) * 2011-09-20 2013-03-21 Nokia Corporation Method and apparatus for domain-based data security
US8788427B2 (en) * 2012-05-18 2014-07-22 Active Network, Llc Limiting data exposure in authenticated multi-system transactions
US20140096199A1 (en) * 2012-09-28 2014-04-03 Manish Dave Device and methods for management and access of distributed data sources

Non-Patent Citations (10)

* Cited by examiner, † Cited by third party
Title
"Personal Cloud Storage," accessed at http://www.exelegalservices.com/services/digital-documentation/personal-cloud-storeage/, accessed on Jan. 30, 2015, pp. 2.
"Personal Solutions," accessed at https://web.archive.org/web/20121104115924/http://www.wwpass.com/solutions/personal/, pp. 3, Nov. 4, 2012.
"PhoneFactor's Out-of-Band Authentication Platform Offers Stronger Security", 2 pages 2012.
"The features that make Nomadesk secure and simple" accessed at https://web.archive.org/web/20121004023925/https://www.nomadesk.com/features, pp. 4, Oct. 4, 2012.
http://www.exelegalservices.com/services/digital-documentation/personal-cloud-storage/, 2 pages, 2013.
http://www.wwpass.com/solutions/personal/, 2013.
International Search Report from corresponding International Application No. PCT/US12/070835 dated May 9, 2013.
Method of Generating Weblinks to Stored Information, 2013.
VaultWorthy-Preserve and Protect Your Critical Documents, https://www.vaultworthy.com/features, 2 pgs. 2012.
VaultWorthy—Preserve and Protect Your Critical Documents, https://www.vaultworthy.com/features, 2 pgs. 2012.

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180131698A1 (en) * 2012-12-20 2018-05-10 Empire Technology Development Llc Secure data access
US10832108B2 (en) 2017-02-26 2020-11-10 StickEcodes Incorporated Information linking system and method of operation thereof
US10860907B2 (en) 2017-02-26 2020-12-08 StickEcodes Incorporated Information linking system with geo-location mechanism and method of operation thereof

Also Published As

Publication number Publication date
WO2014098856A2 (fr) 2014-06-26
US20140223574A1 (en) 2014-08-07
US20180131698A1 (en) 2018-05-10
WO2014098856A3 (fr) 2015-06-25

Similar Documents

Publication Publication Date Title
US20180131698A1 (en) Secure data access
US11323260B2 (en) Method and device for identity verification
US9723463B2 (en) Method and apparatus for a device identifier based solution for user identification
US10212179B2 (en) Method and system for checking security of URL for mobile terminal
US9449154B2 (en) Method and apparatus for granting rights for content on a network service
US10091188B2 (en) Accelerated passphrase verification
US20190075117A1 (en) Method for serving location information access requests
US9013267B2 (en) Systems and methods for position-based loaning of electronic documents to electronic device users
US9819668B2 (en) Single sign on for native and wrapped web resources on mobile devices
US20110167479A1 (en) Enforcement of policies on context-based authorization
US20110239281A1 (en) Method and apparatus for authentication of services
US20140123319A1 (en) System, Method and Apparatus For Facilitating Resource Security
US20100153568A1 (en) Methods, apparatuses, and computer program products for providing a local proxy for accessing web services
JP2014522588A5 (fr)
US20170078274A1 (en) Push content to a currently utilized device among client devices
WO2013144436A1 (fr) Procédé et appareil d'adaptation de politiques sur la base d'une analyse de conformité de politique d'applications
US9727879B2 (en) Method and apparatus for providing tag-based content installation
US20110119486A1 (en) Method and apparatus for managing access rights to information spaces
US20160381552A1 (en) Handling risk events for a mobile device
US20220294785A1 (en) Identity Vault Service
CA3073190C (fr) Verification de numero de mobile pour authentification basee sur un reseau mobile
US20140181909A1 (en) System and method for secured access management
US20140089272A1 (en) Method and apparatus for tagged deletion of user online history
US9313539B2 (en) Method and apparatus for providing embedding of local identifiers
US20140047536A1 (en) Electronic device and method for performing user authentication using access point and peripheral device

Legal Events

Date Code Title Description
AS Assignment

Owner name: EMPIRE TECHNOLOGY DEVELOPMENT LLC, DELAWARE

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:MORDEHAI MARGALIT HOLDINGS LTD.;REEL/FRAME:030576/0926

Effective date: 20130223

Owner name: MORDEHAI MARGALIT HOLDINGS LTD., ISRAEL

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:MARGALIT, MORDEHAI;ZILBERBERG, VERED;SIGNING DATES FROM 20130221 TO 20130223;REEL/FRAME:030576/0896

AS Assignment

Owner name: MORDEHAI MARGALIT HOLDINGS LTD., ISRAEL

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:MARGALIT, MORDEHAI;ZILBERBERG, VERED;REEL/FRAME:031467/0469

Effective date: 20130223

Owner name: EMPIRE TECHNOLOGY DEVELOPMENT LLC, DELAWARE

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:MORDEHAI MARGALIT HOLDINGS LTD.;REEL/FRAME:031467/0580

Effective date: 20130223

STCF Information on status: patent grant

Free format text: PATENTED CASE

CC Certificate of correction
AS Assignment

Owner name: CRESTLINE DIRECT FINANCE, L.P., TEXAS

Free format text: SECURITY INTEREST;ASSIGNOR:EMPIRE TECHNOLOGY DEVELOPMENT LLC;REEL/FRAME:048373/0217

Effective date: 20181228

FEPP Fee payment procedure

Free format text: MAINTENANCE FEE REMINDER MAILED (ORIGINAL EVENT CODE: REM.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

LAPS Lapse for failure to pay maintenance fees

Free format text: PATENT EXPIRED FOR FAILURE TO PAY MAINTENANCE FEES (ORIGINAL EVENT CODE: EXP.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

STCH Information on status: patent discontinuation

Free format text: PATENT EXPIRED DUE TO NONPAYMENT OF MAINTENANCE FEES UNDER 37 CFR 1.362

FP Lapsed due to failure to pay maintenance fee

Effective date: 20220109